Quanah Gibson-Mount wrote:
All write ops (add/mod/rename/delete etc) get stored in the accesslog
Fallback only occurs when the change has been expired out of the accesslog
One of the caveats with delta-syncrepl is that partial replication based on
ACLs gets much more complicated.
In case of OATH-LDAP I don't want to replicate attribute 'oathSecret' to
read-only consumers because it's of no use there anyway. So I have separate
groups for providers and all replicas applying different ACLs to them.
Defining ACLs for distinct values in accesslog's 'reqMod' attribute is not
impossible but more complex. Especially I expect it's not tested with
delta-syncrepl at all so far.